logstash-filter-geoip 4.2.1-java → 4.3.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/docs/index.asciidoc +22 -12
- data/lib/logstash/filters/geoip.rb +5 -2
- data/logstash-filter-geoip.gemspec +1 -1
- data/spec/filters/geoip_spec.rb +3 -4
- data/vendor/GeoLite2-ASN.mmdb +0 -0
- data/vendor/GeoLite2-City.mmdb +0 -0
- data/vendor/LICENSE.txt +3 -0
- data/vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/4.2.0/logstash-filter-geoip-4.2.0.jar +0 -0
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9629d03788dadbb35ba06f83f1a15f89fa824c68
|
4
|
+
data.tar.gz: 58baa3b460c42816f203c3ac9085d39b428a566e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cb29ef2b212a5aadddd187d0173364467d91e099c72f8b8e2e06ea6b2cd6fd09e01746daa3ac5d0287562487c79a9b67242f7be4ca04dac4d9e99a42d826f80c
|
7
|
+
data.tar.gz: 57686c233607989cccb83c36835444128f3c63db477da18484787ad56f45230625b42d3551e7051c97b52a1ff6d31584c2cdae57a2c04c5e7c7c2cd193a5d65e
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,7 @@
|
|
1
|
+
## 4.3.0
|
2
|
+
- Bundle the GeoLite2-ASN database by default
|
3
|
+
- Add default_database_type configuration option to allow selection between the GeoLite2-City and GeoLote2-ASN databases.
|
4
|
+
|
1
5
|
## 4.2.0
|
2
6
|
- Add support for GeoLite2-ASN database from Maxmind for ASN data.
|
3
7
|
- Update Java dependencies to 2.9.0 to support the new ASN database.
|
data/docs/index.asciidoc
CHANGED
@@ -12,7 +12,7 @@ START - GENERATED VARIABLES, DO NOT EDIT!
|
|
12
12
|
END - GENERATED VARIABLES, DO NOT EDIT!
|
13
13
|
///////////////////////////////////////////
|
14
14
|
|
15
|
-
[id="plugins-{type}-{plugin}"]
|
15
|
+
[id="plugins-{type}s-{plugin}"]
|
16
16
|
|
17
17
|
=== Geoip filter plugin
|
18
18
|
|
@@ -25,14 +25,14 @@ based on data from the Maxmind GeoLite2 databases.
|
|
25
25
|
|
26
26
|
==== Supported Databases
|
27
27
|
|
28
|
-
This plugin is bundled with https://dev.maxmind.com/geoip/geoip2/geolite2[GeoLite2] City database out of the box. From Maxmind's description --
|
29
|
-
"GeoLite2 databases are free IP geolocation databases comparable to, but less accurate than, MaxMind’s
|
28
|
+
This plugin is bundled with https://dev.maxmind.com/geoip/geoip2/geolite2[GeoLite2] City database out of the box. From Maxmind's description --
|
29
|
+
"GeoLite2 databases are free IP geolocation databases comparable to, but less accurate than, MaxMind’s
|
30
30
|
GeoIP2 databases". Please see GeoIP Lite2 license for more details.
|
31
31
|
|
32
32
|
https://www.maxmind.com/en/geoip2-databases[Commercial databases] from Maxmind are also supported in this plugin.
|
33
33
|
|
34
|
-
If you need to use databases other than the bundled GeoLite2 City, you can download them directly
|
35
|
-
from Maxmind's website and use the `database` option to specify their location. The GeoLite2 databases
|
34
|
+
If you need to use databases other than the bundled GeoLite2 City, you can download them directly
|
35
|
+
from Maxmind's website and use the `database` option to specify their location. The GeoLite2 databases
|
36
36
|
can be downloaded from https://dev.maxmind.com/geoip/geoip2/geolite2[here].
|
37
37
|
|
38
38
|
If you would like to get Autonomous System Number(ASN) information, you can use the GeoLite2-ASN database.
|
@@ -72,6 +72,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
72
72
|
|Setting |Input type|Required
|
73
73
|
| <<plugins-{type}s-{plugin}-cache_size>> |<<number,number>>|No
|
74
74
|
| <<plugins-{type}s-{plugin}-database>> |a valid filesystem path|No
|
75
|
+
| <<plugins-{type}s-{plugin}-default_database_type>> |`City` or `ASN`|No
|
75
76
|
| <<plugins-{type}s-{plugin}-fields>> |<<array,array>>|No
|
76
77
|
| <<plugins-{type}s-{plugin}-source>> |<<string,string>>|Yes
|
77
78
|
| <<plugins-{type}s-{plugin}-tag_on_failure>> |<<array,array>>|No
|
@@ -84,7 +85,7 @@ filter plugins.
|
|
84
85
|
|
85
86
|
|
86
87
|
[id="plugins-{type}s-{plugin}-cache_size"]
|
87
|
-
===== `cache_size`
|
88
|
+
===== `cache_size`
|
88
89
|
|
89
90
|
* Value type is <<number,number>>
|
90
91
|
* Default value is `1000`
|
@@ -105,7 +106,7 @@ to having multiple caches for different instances at different points in the pip
|
|
105
106
|
number of cache misses and waste memory.
|
106
107
|
|
107
108
|
[id="plugins-{type}s-{plugin}-database"]
|
108
|
-
===== `database`
|
109
|
+
===== `database`
|
109
110
|
|
110
111
|
* Value type is <<path,path>>
|
111
112
|
* There is no default value for this setting.
|
@@ -117,8 +118,17 @@ GeoIP2-City, GeoIP2-ISP, GeoIP2-Country are the commercial databases from Maxmin
|
|
117
118
|
If not specified, this will default to the GeoLite2 City database that ships
|
118
119
|
with Logstash.
|
119
120
|
|
121
|
+
[id="plugins-{type}s-{plugin}-default_database_type"]
|
122
|
+
===== `default_database_type`
|
123
|
+
|
124
|
+
This plugin now includes both the GeoLite2-City and GeoLite2-ASN databases. If `database` and `default_database_type` are unset, the GeoLite2-City database will be selected. To use the included GeoLite2-ASN database, set `default_database_type` to `ASN`.
|
125
|
+
|
126
|
+
* Value type is <<string,string>>
|
127
|
+
* The default value is `City`
|
128
|
+
* The only acceptable values are `City` and `ASN`
|
129
|
+
|
120
130
|
[id="plugins-{type}s-{plugin}-fields"]
|
121
|
-
===== `fields`
|
131
|
+
===== `fields`
|
122
132
|
|
123
133
|
* Value type is <<array,array>>
|
124
134
|
* There is no default value for this setting.
|
@@ -155,7 +165,7 @@ to having multiple caches for different instances at different points in the pip
|
|
155
165
|
number of cache misses and waste memory.
|
156
166
|
|
157
167
|
[id="plugins-{type}s-{plugin}-source"]
|
158
|
-
===== `source`
|
168
|
+
===== `source`
|
159
169
|
|
160
170
|
* This is a required setting.
|
161
171
|
* Value type is <<string,string>>
|
@@ -165,7 +175,7 @@ The field containing the IP address or hostname to map via geoip. If
|
|
165
175
|
this field is an array, only the first value will be used.
|
166
176
|
|
167
177
|
[id="plugins-{type}s-{plugin}-tag_on_failure"]
|
168
|
-
===== `tag_on_failure`
|
178
|
+
===== `tag_on_failure`
|
169
179
|
|
170
180
|
* Value type is <<array,array>>
|
171
181
|
* Default value is `["_geoip_lookup_failure"]`
|
@@ -173,7 +183,7 @@ this field is an array, only the first value will be used.
|
|
173
183
|
Tags the event on failure to look up geo information. This can be used in later analysis.
|
174
184
|
|
175
185
|
[id="plugins-{type}s-{plugin}-target"]
|
176
|
-
===== `target`
|
186
|
+
===== `target`
|
177
187
|
|
178
188
|
* Value type is <<string,string>>
|
179
189
|
* Default value is `"geoip"`
|
@@ -193,4 +203,4 @@ is still valid GeoJSON.
|
|
193
203
|
|
194
204
|
|
195
205
|
[id="plugins-{type}s-{plugin}-common-options"]
|
196
|
-
include::{include_path}/{type}.asciidoc[]
|
206
|
+
include::{include_path}/{type}.asciidoc[]
|
@@ -33,12 +33,15 @@ require "logstash-filter-geoip_jars"
|
|
33
33
|
class LogStash::Filters::GeoIP < LogStash::Filters::Base
|
34
34
|
config_name "geoip"
|
35
35
|
|
36
|
-
# The path to the GeoLite2 database file which Logstash should use.
|
36
|
+
# The path to the GeoLite2 database file which Logstash should use. City and ASN databases are supported.
|
37
37
|
#
|
38
38
|
# If not specified, this will default to the GeoLite2 City database that ships
|
39
39
|
# with Logstash.
|
40
40
|
config :database, :validate => :path
|
41
41
|
|
42
|
+
# If using the default database, which type should Logstash use. Valid values are "City" and "ASN", and case matters.
|
43
|
+
config :default_database_type, :validate => ["City","ASN"], :default => "City"
|
44
|
+
|
42
45
|
# The field containing the IP address or hostname to map via geoip. If
|
43
46
|
# this field is an array, only the first value will be used.
|
44
47
|
config :source, :validate => :string, :required => true
|
@@ -104,7 +107,7 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
|
|
104
107
|
public
|
105
108
|
def register
|
106
109
|
if @database.nil?
|
107
|
-
@database = ::Dir.glob(::File.join(::File.expand_path("../../../vendor/", ::File.dirname(__FILE__)),"GeoLite2
|
110
|
+
@database = ::Dir.glob(::File.join(::File.expand_path("../../../vendor/", ::File.dirname(__FILE__)),"GeoLite2-#{@default_database_type}.mmdb")).first
|
108
111
|
|
109
112
|
if @database.nil? || !File.exists?(@database)
|
110
113
|
raise "You must specify 'database => ...' in your geoip filter (I looked for '#{@database}')"
|
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-filter-geoip'
|
4
|
-
s.version = '4.
|
4
|
+
s.version = '4.3.0'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "$summary"
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
data/spec/filters/geoip_spec.rb
CHANGED
@@ -3,8 +3,6 @@ require "logstash/devutils/rspec/spec_helper"
|
|
3
3
|
require "logstash/filters/geoip"
|
4
4
|
|
5
5
|
CITYDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoLite2-City.mmdb").first
|
6
|
-
# this is downloaded in build dir so we don't accidentally package this database when creating a gem
|
7
|
-
ASNDB = ::Dir.glob(::File.expand_path("../../build/GeoLite2-ASN_*", ::File.dirname(__FILE__))+"/GeoLite2-ASN.mmdb").first
|
8
6
|
|
9
7
|
describe LogStash::Filters::GeoIP do
|
10
8
|
|
@@ -39,7 +37,7 @@ describe LogStash::Filters::GeoIP do
|
|
39
37
|
filter {
|
40
38
|
geoip {
|
41
39
|
source => "ip"
|
42
|
-
#database => "#{CITYDB}"
|
40
|
+
# database => "#{CITYDB}"
|
43
41
|
target => src_ip
|
44
42
|
add_tag => "done"
|
45
43
|
}
|
@@ -273,7 +271,8 @@ describe LogStash::Filters::GeoIP do
|
|
273
271
|
filter {
|
274
272
|
geoip {
|
275
273
|
source => "ip"
|
276
|
-
database => "#
|
274
|
+
# database => "" # use the bundled ASN
|
275
|
+
default_database_type => "ASN"
|
277
276
|
}
|
278
277
|
}
|
279
278
|
CONFIG
|
Binary file
|
data/vendor/GeoLite2-City.mmdb
CHANGED
Binary file
|
data/vendor/LICENSE.txt
ADDED
@@ -0,0 +1,3 @@
|
|
1
|
+
This work is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/4.0/.
|
2
|
+
|
3
|
+
This database incorporates GeoNames [http://www.geonames.org] geographical data, which is made available under the Creative Commons Attribution 3.0 License. To view a copy of this license, visit http://www.creativecommons.org/licenses/by/3.0/us/.
|
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-filter-geoip
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.3.0
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-07-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -77,7 +77,9 @@ files:
|
|
77
77
|
- logstash-filter-geoip.gemspec
|
78
78
|
- maxmind-db-NOTICE.txt
|
79
79
|
- spec/filters/geoip_spec.rb
|
80
|
+
- vendor/GeoLite2-ASN.mmdb
|
80
81
|
- vendor/GeoLite2-City.mmdb
|
82
|
+
- vendor/LICENSE.txt
|
81
83
|
- vendor/jar-dependencies/com/maxmind/db/maxmind-db/1.2.2/maxmind-db-1.2.2.jar
|
82
84
|
- vendor/jar-dependencies/com/maxmind/geoip2/geoip2/2.9.0/geoip2-2.9.0.jar
|
83
85
|
- vendor/jar-dependencies/org/logstash/filters/logstash-filter-geoip/4.2.0/logstash-filter-geoip-4.2.0.jar
|